Delete Secrets From Git History

Secrets in the recent or latest code are easy to delete if you find them. However, if those secrets are in previous commits, removing them becomes more challenging. Fortunately, there is a way to delete secrets from your commit history as well.

Git-Filter-Repo is a powerful and flexible tool designed to rewrite Git repository history, even for large repositories. Using this tool, you can delete secrets from your repository with just a few easy steps. For detailed information refer to this https://github.com/newren/git-filter-repo (opens in a new tab)
Install Git-Filter-Repo via pip

pip install git-filter-repo 

Clone your code to your local machine

git clone <url>

Navigate to the cloned repository in your file system.

cd <repo name>

To ensure that your local repository contains all the latest changes, including branches and tags from all remote sources, execute the below command.

git pull --all --tags

Create a .txt file listing the secrets you want to remove or modify as shown below.

Secrettobeupdated==>"deleted"
secret==>"  "

Then, provide the file path in the command, this will replace all the secrets with your given input.

git filter-repo --replace-text (path) --force

After executing the command, the changes will be applied locally. To update all commits and history in the remote repository, you need to push the changes by specifying the repository URL.

git push --tags --force <url>

git push --all --force <url>

If you check the history for the secrets, you won't find them. The changes will be applied to the files containing those secrets without affecting any other data or commits.